make:auth Login form: we should add RememberMeBadge

[weaverryan]

In the new authenticator system, if you want to support "remember me" functionality, then your authenticator needs to return a RememberMeBadge. This advertises that it is "ok to activate remember me on this authenticator". It is safe to always add in our generated code because if the user doesn't have remember me activated (either in config or they don't have the remember me checkbox), nothing will happen. For example, it is ALWAYS returned from the core FormLoginAuthenticator.

Probably we will also need one comment line above the new badge to explain its purpose.

EDIT: And I wonder if we should even ask "Do you want to support remember me?" during this process? We could then ask "Do you want remember me to be activated via a checkbox or always activated"? We could use this to determine how the template is generated AND to automatically add the correct remember_me config to security.yaml.

[Mika56]

Spent a good hour on this.
The generated view says to read https://symfony.com/doc/current/security/remember_me.html to enable remember me, and uncomment the checkbox.
However, the doc only says to add the remember_me node to the firewall config. There's no mention of RememberMeBadge being required. Nothing is being logged on the Symfony side either.

[kriskoch]

+1. I just spent last 40 minutes trying to figure out why the remember me functionality wasn't working.
Finally stepped through the code and noticed that the passport wasnt including the remember me badge.

I really like the new symfony 5 auth system but documentation on it seems to be a bit lacking. I would expect a maker bundle should include this functionality.

[537mfb]

The documentation for the remember me functionality hasn't been updated in a while (most of the security documentation regarding the authentication system still refers to the old Guard system really) - and this new authentication system with badges is quite new (introduced in Symfony 5.1 and never been the default in any LTS version - symfony 5.4 will be the first I think, with release expected at the end of november).

It's probably still beeing fine tuned at the moment I guess.

Actually, make:reg and make:reset-password are still using the old passwordencoder (deprecated, but still works for now) instead of the now prefered passwordhasher.

And make:reg fails to create the code to authenticate automatically after registration as it can't find the Guard authenticator. This has to be done manually for now. Took me some googling tricks to get this working.

Updating so many documentation pages will take time I excpect.